I was basically following this guide https://enable-cors.org/server_apache.html
However, on another guide here - https://ubiq.co/tech-blog/set-access-control-allow-origin-cors-headers-apache/. Maybe you just need to add Header set Access-Control-Allow-Origin "*"
Try to see if any of those works out for you. I run nginx so I'm able to test it. Don't have Apache2 running atm to verify.